Cart
[Home] [By Thread] [By Date] [Recent Entries]
>>>> Roger listed some aspects at the beginning of the thread (today, 7:55am). If those are the criteria, I don't think XML is ever likely to be a good choice - except perhaps for a deliberately chosen subset. <<<< Yes I read those. And those are normal things one might put in a data structure reguardless of the markup format. So I am curious why the statement that one shouldn't use XML ... that is what makes it *more insecure* then other formats ? Lets ignore things like embedded JavaScript ... What *specifically* about XML makes it less secure *intrinsically* ? Even simple formats like CSV can suffer from DOS attacks (say sending a infinitely long line of text without a field separator ?) None of the things Rodger mentioned , in my mind, make XML *inherently less secure* then any other data representation modeling the same data. What about the *format* makes it more prone to attacks ? Say Recursion (one of the listed items)... If recursion was not allowed, but yet someone sent a recusive document ... it would be up to the *processor* not the format,, to protect against infinate recursion (same as its up to the *CSV processor* to prevent a buffer overflow). ---------------------------------------- David A. Lee dlee@c... http://www.xmlsh.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
